Solved

Remote access and secure data exchange

Posted on 2013-06-21
7
462 Views
Last Modified: 2013-06-24
Hi guys
Hope you can me out. I'm looking for some guidance on the following scenario.
My company recently went into partnership with a company that have Point of Sale systems and servers. My company want to retrieve data on POS and server and connect the figures to our financial system at head-quarters.

Issue number 1: We currently to not have control of POS and Servers. We do not software, anti-virus, patching etc on those machines as they are managed by other consultants.
Our application guys just want to create VPN between sites and allow those system to communicate through our firewall over specific ports. I don't think this is the best way to proceed.

Issue number 2: Headquarters want to access the POS to manage or troubleshoot systems on occasion. Would GotoAssist, NetSupport or WebEx be secure viable solutions for this?

Thank you in advance for your help. Any guidance for people that went through these types of things would relieve some stress over here...

CP
0
Comment
Question by:CProp
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
7 Comments
 
LVL 16

Assisted Solution

by:Michael Ortega (Internetwerx, Inc.)
Michael Ortega (Internetwerx, Inc.) earned 250 total points
ID: 39267518
What POS are you referring to? Some POS systems have tools already developed to export financial data natively.

Lots of different ways to administer your systems. Bomgar and CommandCenter are appliance based systems that even target the POS/KIOSK markets.

MO
0
 
LVL 32

Accepted Solution

by:
aleghart earned 250 total points
ID: 39268892
Not sure why you think a VPN is a bad idea.  It's far better than any transmission over the internet.  You can also use the VPN tunnel for remote access in a secure manner.  No ports open to internet.

If you have a lot of units and techs, than a cost-effective tool is ScreenConnect.  For $3,000 you get an unlimited server license for any number of endpoints and techs and open sessions.  Any of the other tools will cost that much for just 2 or 3 techs.

I ran a demo server.  Remote connections were faster and clearer than TeamViewer, which is already faster and clearer than GoTo__, LogMeIn, and WebEx.

You can white-label or private-brand the server GUI.  Using MS Windows & Internet Explorer from the tech's workstation is the best experience.  You can scale the user's screen quickly.  No scrolling.  Multiple monitors are fine too.

I used it to connect to a workstation with a vertical 1920x1080 monitor plus a 2MP horizontal monitor.  The clarity was impressive.  Could see x-ray images without a lot of artifacting or banding.
0
 

Author Comment

by:CProp
ID: 39269566
This is a good starting point for me
To answer the questions:
- The POS system is Pro-ShopKeeper from Club Prophet Systems.

Just a bit of clarification, I don't think the VPN is a bad idea per say. Encrypted tunnel is a good thing between 2 trusted sites.
I'm hesitant about doing this with a site where we don't control the end-point and the users that use those systems. They might install malware from malicious websites and VPN tunnel would be a vector into our organization.

Looking foward to your response

CP
0
Watch Anatomy of a Wi-Fi Hack On-Demand

In less than a weekend, anyone with Internet access and some free time can become a Wi-Fi MitM to wreak havoc on your network. View our Wi-Fi Expert in an on-demand episode of our Secure Wi-Fi mini-series as he explores the motives, execution, and anatomy of a Wi-Fi hack.

 
LVL 32

Expert Comment

by:aleghart
ID: 39269587
Tunnel can be limited at either end, and by service/port.  So, you could have access to their /24 network, and limit them to just your remote control server or patch server, etc.
0
 

Author Comment

by:CProp
ID: 39270090
Maybe you are right. I might just being overly paranoid on that front.
I was looking at scenario about a malicious application that  tunnel through that service/port?
I know my boss will ask about that and I'm not sure about the risk.
Things like an reverse proxy or application firewall for deep packet inspection?

CP
0
 
LVL 32

Expert Comment

by:aleghart
ID: 39270173
If you limit your endpoint to port 1001 at 10.0.0.1, then the only exposure is that host on only port 1001.  Attempts to reach any other host or any other port will be blocked by your VPN policy.

If any other party tries to make a VPN connection, they would need the correct tunnel config and pre-shared key...and would have to have an IP address that matches your policy.

If you ever need to disconnect a client, or decide to cease operations with a customer, either end can disable the tunnel, and there will be zero access.
0
 

Author Closing Comment

by:CProp
ID: 39272310
Thanks guys, I really appreciated the quick response on this topic.

Chris
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Pivoting oracle table 9 72
Short term mitigation for Symantec's certs (Google's downgrading) 2 35
Special characters in a TCPDF 4 24
Convert VBA UDF to SQl SERVER UDF 4 48
If you are looking at this article, you have most likely been hit by some version of ransomware and are trying to find out if there is anything you can do, or what way you should react - READ ON!
Ransomware is a malware that is again in the list of security  concerns. Not only for companies, but also for Government security and  even at personal use. IT departments should be aware and have the right  knowledge to how to fight it.
Video by: Steve
Using examples as well as descriptions, step through each of the common simple join types, explaining differences in syntax, differences in expected outputs and showing how the queries run along with the actual outputs based upon a simple set of dem…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question